Salon Offers To Remove Ads If Visitors Help Mine Cryptocurrency

from the just-renting dept

As we've been discussing, the rise of stealth cryptocurrency miners embedded on websites has become a notable problem. In some instances, websites are being hacked and embedded with stealth cryptocurrency miners that quickly gobble up visitors' CPU cycles without their knowledge. That's what happened to Showtime recently when two different domains were found to be utilizing the Coinhive miner to hijack visitor browsers without users being informed. Recent reports indicate that thousands of government websites have also been hijacked and repurposed in this fashion via malware.

But numerous websites are also now exploring such miners voluntarily as an alternative revenue stream. One major problem, however: many aren't telling site visitors this is even happening. And since some implementations of such miners can hijack massive amounts of CPU processing power while sipping a not-insubstantial amount of electricity, that's a problem.

Creative exploration of alternative revenue streams is obviously necessary, and there are numerous examples where site-driven cryptocurrency miners could be used to help bolster scientific research. Salon pretty clearly understands this decision is controversial, offering up an entire website explaining how making money from journalism is hard, and that the company needed to explore some new, creative solutions in order to stay afloat:

"Salon is instructing your processor to run calculations. Think of it like borrowing your calculator for a few minutes to figure out the answer to math problems, then giving it back when you leave the site. We automatically detect your current processing usage and assign a portion of what you are not using to this process. Should you begin a process that requires more of your computer’s resources, we automatically reduce the amount we are using for calculations."

That said, security researchers have similarly warned that this is a very slippery slope, and for every website that's being transparent about the process and respectful of the possible impact on computer performance, there are countless others that quite obviously won't give much of a damn about either. These are, after all, the same websites that are now engaging in ham-fisted and annoying ad blocker blocking, frequently oblivious to how their own obnoxious ad decisions drove the rise of ad blockers in the first place.

As Malwarebytes researchers recently noted, there's no shortage of websites that are already pushing their luck on this front:

"The question at this point is: How far can publishers push the limits towards a really bad user experience? You may be surprised that for many, this is not really a problem at all and that double dipping is, in fact, a fairly common practice...publishers ought to be more transparent with their audience because no-one likes unannounced guests. Unfortunately, there will always be publishers that care very little about what kind of traffic they push, so long as it generates good revenues; for those, cryptominers are just an added income to their existing advertising portfolio."

If implemented with respect for the end user and transparency, such miners may not be a bad thing. But bad actors could very quickly create an environment where users feel they're being accosted by sites that don't respect either, resulting in another layer of cat and mouse gamesmanship between site publishers and readers. So while there's certainly potential here, escalating an already adversarial relationship in the adblocker era isn't likely to excite readers, forge community, or save journalism anytime soon.

Reader Comments

Re: Re: Re: So, Site visitors are cows to be milked?

Just because there isn't currently a publicly known way to exploit someone's computer via a sandboxed app with this access doesn't mean someone won't figure out or hasn't already discovered a means to do so.

I know at some point you just have to trust something or someone but voluntarily handing over control of a computer to a third party before it has been fully vetted is a very insecure practice.

Just remember Spectre and Meltdown. Those both exploited something that for years the world thought was safe.